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CLAM AMENDMENTS 




I . (Original) A method of establishing a TCP/IP connection between a client and 
a server such that the server may better withstand a S YN flood attack, the method 
comprising: 

receiving a TCP S YN packe^ requesting the formation of a TCP/IP connection 
m a client, the TCP SYN including a source IP address of the client; 

allocating a small TCP control block (TCB) to service a TCP/IP three-way 
handshake; and 

transmitting a TCP-ACK toi the IP address of the client. 



2. (Currently Amended) / Th e m e thod of claim L furth e r comprising: A method 
of establishing a TCP/IP connection between a client and a server such that the server 
may better withstand a SYN flood attack, the method comprising: 

receiving a TCP SYN packet requestin^^ the formation of a TCP/IP connection 
from a client, the TCP SYN including a source IP address of the client: 

allocating a small TCP/control block (TCB) to ser\^ice a TCP/IP three-way 
handshake: 

transmitting a TCP-AiCK to the IP address of the client; 

receiving an ACK fr<f)m the client in response to the TCP-ACK, the receipt of the 
ACK completing an establishment of a TCP connection; and 

thereafter notifying/a socket layer of the TCP connection. 

3. (Original) The/method of claim 2, further comprising caching route 
information for the client performed after receiving the ACK from the client. 



4. (Original) The method of claim 3, further comprising allocating a flill TCB to 
service the TCP connection after receiving the ACK from the client. 
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5. (Original) The method of claim 2, further comprising allocating a fiiU TCB to 
service the TCP connection after receiving the ACK from the client 

6. (Original) The method of claim 1, further comprising: 

receiving an ACK from the client in response to the TCP-ACK, the receipt of the 
ACK completing an establishment of a TCP connection; and 
thereafter caching route information for the client. 

7. (Currently Amended) / Th e method of claim 6, furth e r comprising A method 
of establishing a TCP/IP connection between a client and a server such that the server 
may better withstand a SYN flpod attack, the method comprising: 

receiving a TCP SYN jacket requesting the formation of a TCP/IP connection 
from a client, the TCP SYNmicluding a source IP address of the client: 

allocating a small TCP conti'ol block (TCB) to service a TCP/TP three-vvav 
handshake: / 

transmitting a TCP-ACK to the IP address of the client: 

receiving an ACK from the client in response to the TCP-ACK. the receipt of the 
ACK completing an ystablishment of a TCP connection: 

thereafter cadhing route information for the client; and 

notifying a socket layer of the TCP connection performed after receiving the ACK 
from the client. / 

8. (Original) The method of claim 1, wherein the step of allocating a small TCP 
control block (TCB) to service a TCP/IP three-way handshake comprises allocating a 
small TCB of size sufficient only to service the TCP/IP three-way handshake. 

9. (Original) The method of claim 1, wherein the step of allocating a small TCP 
control blocK (TCB) to service a TCP/IP three-way handshake comprises allocating a 
small TCB/of size insufficient to service the TCP connection. 



3 



In re Appln. of: Nk Srinivas 
Application No.: 09/602,431 



10. (Original) The method/of claim 1, further comprising: 

receiving an ACK from thp client in response to the TCP-ACK, the receipt of the 
ACK completing an establishment of a TCP connection; and 

thereafter allocating a full TCB to service the TCP connection. 

11. (Original) A method cf enhancing a server's ability to withstand a SYN flood 
attack, the method comprising: 

receiving a TCP SYN packet requesting the formation of a TCP/IP connection 
from a client having a source IP address; 

transmitting a SYN-ACk to the client at the source IP address; 
awaiting receipt of an ACK from the client at the source IP address; and 
thereafter notifying a socket layer of the TCP/IP connection. 



12. (Original) The mejfhod of claim 1 1, further comprising caching route 
information for the client after receipt of the ACK from the client. 

13. (Original) The method of claim 12, further comprising allocating a small TCP 
control block (TCB) after receiving the TCP SYN. 

14. (Original) The Method of claim 13, further comprising allocating a full size 
TCB after receiving the pIcK from the client. 



15. (Original) A method of enhancing a server's ability to withstand a SYN flood 
attack, the method comprising: 

receiving a TCP/ SYN packet requesting a TCP/IP connection from a client; 

allocating a small TCP control block (TCB) of size sufficient only to service the 
TCP/IP cormection request; 

transmitting a/s YN-ACK to the client; 

delaying a noiification of the TCP/IP connection request to a socket layer until an 
ACK is received from the client; and 
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delaying a caching of route information for the client until the ACK is received 
from the client. 



16. (Original) The 
receiving the ACK 
allocating a TCB of 
notifying the socket 
caching route information 



thod of claim 15, further comprising: 
ftom the client; and thereafter 
size sufficient to service the TCP/IP connection; 
layer of the TCP/IP connection; and 
for the client. 



17. (Original) A method of enhancing a server's ability to withstand a SYN flood 
attack, the method comprising: 

. receiving a TCP SYN from a supposed client to establish a TCP connection; 
transmitting a S yN-ACK to the supposed client; and 
only upon and ifl receipt of an ACK from the supposed client: 

1) caching route information for the supposed client; and 

2) notifying a socket layer of the TCP connection. 



18. (Originali) The method of claim 17, further comprising allocating upon receipt 
of the TCP SYN a imall TCP control block (TCB). 

19. (Original) The method of claim 18, wherein the small TCB is of size sufficient 
to service an establishment of a TCP cormection and insufficient to service an actual TCP 
coimection. / 

20. (Original) The method of claim 18, further comprising, only upon and if 
receipt of an/ACK from the supposed client, allocating a TCB of size sufficient to service 
the actual TCP connection. 
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